NSA begins crypto upgrade

15-year plan to fund new encoding technology

Editor’s note: On Sept. 10, 2001, Federal Computer Week wrote about the National Security Agency beginning a 15-year Crypto Modernization Program. The amount budgeted for the program was classified information, but it was multiple millions in the first year and expected to be greater than that in subsequent years.

The National Security Agency is beginning a 15-year, multibillion-dollar effort to modernize the nation’s cryptographic systems, which are rapidly growing obsolete and vulnerable. Cryptographic systems encode messages and include such tools as secure telephones, tactical radios and smart cards. Virtually every federal department and agency — including the military, the White House, intelligence agencies and the State Department — use encryption. But existing encryption algorithms are no longer cutting-edge, and hardware for many systems is becoming obsolete. Replacing them is a top goal for NSA’s information assurance directorate, said Michael Jacobs, who heads the directorate.

“When it comes to protecting our information, the first line of defense is NSA-provided cryptography,” said Vice Adm. Richard Mayo, Navy director of space, information warfare, command and control, speaking before the House Armed Services Committee in May. Mayo said the Navy, joint forces and allied militaries have more than “400,000 such cryptographic products of varying type in our in inventory for voice, video and data.”

“A lot of that [hardware] technology is at or [is] getting to the point where you cannot obtain replacement parts, so it’s becoming a maintenance problem,” Jacobs said. He noted that the security features in the cryptographic systems — “specifically the underlying cryptographic algorithms” — are nearing the end of their life expectancy.

The agency recently published a cryptography plan and shared its vision with 70 potential vendors this summer. NSA will fund early development of new technologies under the Crypto Modernization Program, and the various departments and agencies will acquire the systems once they have been developed.

“Information system security is the name of the game, and if NSA cannot guarantee that security, it is a serious problem,” said Steven Aftergood, intelligence policy analyst for the Federation of American Scientists. “It’s a problem for everyone who depends on secure communications, and that’s almost everyone in government.”

NSA’s budget is classified, but Jacobs said the agency has budgeted “multiple millions” of dollars just to update its cryptographic systems in 2002 and is seeking to increase funding in its 2003 to 2008 budget plan.

“We’re at the front end of this process, which in terms of dollar value is a lot smaller than the middle and back end, where acquisition starts,” Jacobs said.

Agency officials must decide which families of equipment they initially want to modify or replace; the first modernized products will likely be delivered in 2004.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.